Public Administration Data Strategy 2023-2027

BY

Malta is at the forefront of a technological evolution that is transforming society and our economy. It is affecting the way we communicate, interact, work, and carry out our day to day lives.

Data is at the core of all our technology and processes. The increasing amount of non-personal and public data, along with technological advances on how it is stored and processed, create opportunities for innovation, competition, and growth. Within Government, data is central to the delivery of public services. We need to ensure that this data is open for its appropriate consumption and use, empowering society to become data-driven.

Primarily, we need to keep the interests of society first, ensuring that the collection, processing, and use of personal data is in accordance with our values, fundamental rights, and rules. Individuals only trust technological innovation if they are confident that their privacy and personal data is being safeguarded. However, we also need to step up our use of data within Government, where data is governed and managed effectively and transparently.

The Public Administration Data Strategy views data as a national asset, having intrinsic value. We want to ensure that data is recognised as the fuel for us to sustain the digital momentum. But it also bears inherent risks. It needs to be governed, protected, shared, and consumed within a comprehensive regulatory framework that does not stifle, but rather promotes innovation. This means bringing the significant strides that Malta has made in digitisation within the Public Administration to their full potential, unlocking the value of public sector information.

This Strategy sets a comprehensive course of action that the Government shall be spearheading on technical, legislative, organisational, and cultural fronts in collaboration with stakeholders. It is not an end in itself. It is the start of a long, challenging journey that, ultimately, will see the Public Administration and the Maltese society further appreciate the value, power, and benefits of data collection and prudent management.

Acronyms

AI Artificial Intelligence

API Application Programming Interface

DESI Digital Economy and Society Index

EU European Union

FAIR Findable, Accessible, Interoperable and Re-usable

GAIP Generally Accepted Information Principles

GDPR General Data Protection Regulation

ICT Information and Communications Technology

IEC International Electrotechnical Commission

ISO International Organisation for Standardisation

MS Member States (of the European Union)

OAB Official Appointed Bodies

OECD Organisation for Economic Co-operation and Development

OOP Once Only Principle

PSI Public Sector Information

SL Subsidiary Legislation

URI Uniform Resource Identifier

EXECUTIVE SUMMARY

Significant strides in the development and application of digital technologies have highlighted the importance of data in transforming society. The growth in volume of available digital data has contributed to economic growth and innovation and empowered users in better decision making.

Unfortunately, the large availability of data has also resulted in a fragmented data ecosystem within the Public Administration, where data management is not adopted in a holistic manner. This leads to an increased administrative burden, as well as an increased risk of ineffective and inefficient public services.

Such issues highlight the need for a strategic and multi-stakeholder approach to the proper and effective processing of data within Government. Indeed, the European Union (EU) is giving high importance to data governance from a strategic, legal, and regulatory perspective through its European Data Strategyi

This Public Administration Data Strategy 2023-2027 outlines the best way on which to build on and manage various technologies used for the collection, processing, storage, preservation and transmission of rapidly growing data, whilst also addressing the related challenges. It aims to engender the general principles of fairness and transparency while seeking to ensure that the Public Administration can best capitalise on the use of data for the benefit of society. Underpinning this is the establishment of consistent data governance and management practices, in order to enable the secure and efficient use of data and to maximise all of its value and benefits. Ultimately, in a well-functioning data ecosystem, users are empowered.

Therefore, the vision proposed for this Strategy “To establish a data empowered society through a public administration that governs and manages data in a regulated, transparent, and effective way”.

The achievement of a data empowered society is based on a number of objectives and principles which form the underlying basis to the Public Administration Data Infrastructure. Six key objectives, along with their rationale and the principles that they each cover, are outlined in this document. The principles view data as an asset representing real and intrinsic value, as having potential risks that need to be recognised and acted upon, on its quality to be managed and measured, on its need to be audited periodically, on its accountability and, ultimately, of its risk as a liability if misused or mismanaged.

This Strategy aims to ensure that good governance of data is at the core of any digital solution or transformation process. It is applicable to all digital data processed within the Public Administration.

Key Objective

Principles covered

Governance

Govern and manage data in a holistic manner across Government through the definition of standards, guidelines, tools, policies, and procedures.

• Central oversight and holistic approach

• Data Classification

• Data Ownership and Stewardship

• Line of Business Data Subsidiarity

• Data Quality Management

• Data Ethics

Protection

Address data protection legal obligations and rights, cybersecurity, data preservation, and archiving requirements.

• Data Preservation and Disposal

• Data Privacy by Design

• Data Security by Design

• Data Sovereignty

• Role-based Authorisation and Access

Interoperability

Facilitate data sharing and re-use through a consistent approach in information systems and datasets.

• Foundation Data Management

• Data Sharing and Re-use

• Protocols for the Unique Identification of Data

• Common Vocabularies and Reference Data

• Data Standards and Formats

Key Objective

Principles covered

Availability

Deliver data in a timely manner and in a format commensurate to effective usage, in conformance to classification criteria applied to such data.

• Data Discovery

• Data Transparency and Traceability

• Digital by Default

• Real-time Data Access

• Open by Default

Intelligence

Facilitate process and service improvements for data usage and data insights and to facilitate smart decision-making.

• Data-driven Decision Making

• Data Sharing and Reuse

• Data Tools and Technologies

Democratisation

Improve data visibility and accessibility in line with legal and security parameters, without the need to resort to conventional gatekeepers.

• Data Awareness and Use

• Co-creation

• User-Centric Data Services

• User Control and Data Visibility

The principles contribute to the Public Administration Data Infrastructure which is made up of three building blocks and three enabling blocks.

The building blocks relate to three aspects: Data Assets, Data Governance, and Data Use and Re-use, each of which focus on a number of key areas.

Building Block

Area of Confidence

Data Assets

• Foundation Data, made up of Base, Administrative, and Governance Registers

• Line of Business Specific Data

Data Governance

• Data Governance Framework

• Data Management

Data Use and Re-use

• Data Discovery and Consumption

• Data Exchange and Sharing

The Enabling Blocks focus on the Legal Framework, Information and Communications Technology (ICT), and Data Culture.

Enabling Block

Area of Focus

Legal Framework Information and Communications Technology

• Legislative aspects related to this Strategy, including the national and EU context.

• ICT solutions relevant to this Strategy, particularly as applied in a horizontal manner across Government.

Data Culture

• Data Awareness

• Data Skills and use of Data Management Tools

In all cases, clear ownership as well as active involvement of all levels of the Public Administration are essential for delivering the effective implementation of this Strategy. But, first and foremost, this needs to be underpinned by the necessary organisational framework covering the regulation, oversight, and implementation aspects of data governance. Although ownership of the Strategy is vested within the Data Governance Council, it calls for further recognition and continuous investment by multiple stakeholders in managing high quality data as the basis of allowing the digitalisation of the Public Administration to reach its full potential. Collaboration is required within the EU and on an international scale.

STRATEGIC CONTEXT

1.1

Introduction

In recent years, digital technologies and their applicability have evolved at an unprecedented pace. At the core of such development is data. The increasing volumes of data widely available to users bring the benefits of growth and innovation as well as insights which may inform better decision-making. This is particularly relevant in the Public Administration context, where huge amounts of data are required for effective administration and delivery of public services. However, confidence and trust need to be instilled and sustained with respect to the sharing and use of such data, which can be sensitive, in accordance with information security and data protection rules.

It

is therefore necessary to have a comprehensive and concerted strategic approach to the processing of data.

Developments in the data domain in Malta over the years have been based on decentralised initiatives - mostly of a legal and technical nature - and on developments within the EU sphere. The focus on data within the EU has gained momentum in recent years, especially from a strategic and legal perspective. The strategic course of action on data on a Public Administration scale has, until now, not been formally defined. This Strategy seeks to address this shortcoming, and in doing so, align Malta to ongoing local and EU developments, challenges, and opportunities.

1.2 Strategic Context

The Public Administration Data Strategy draws on Malta’s Economic Vision 2021-2031ii, its National Digital Strategy, and the Five-Year Strategy for the Public Serviceiii, and it seeks to address data related developments and challenges. It will therefore enable Malta to build further its digital strengths, underpinned by the comprehensive use of data to provide value to the Maltese society and economy.

Data is at the helm of public service provision and policy making, affecting their efficiency and effectiveness. Without a proper data strategy is in place, there is the increased risk of non-interoperable systems or data sources. These would require considerable technical and administrative efforts to integrate and harmonise, whilst also affecting the quality and reliability of the data in question.

Looking at Malta’s digital performance and progress on data relative to the EU and wider, as of 2022, Malta ranked 6th out of all Member States (MS) in the Digital Economy and Society Index (DESI) Country Profile Report compiled by the European Commissioniv. The report assesses the status of each MS in digital competitivenessv. Figure 1, reproduced from the Report itself, indicates Malta’s current ranking and its performance within the digital public services and Open Data domain.

Source: https://digital-strategy.ec.europa.eu/en/policies/desi-malta

Based upon these indications, the Report acknowledges remarkable progress in all areas subjected to analysis but identifies a gap in relation to Open Data and the need to facilitate its access, use, and re-use. Similar findings have been noted in two self-assessments carried out within the Public Administration in 2021, reported in the Five-Year Strategy for the Public Servicevi. Malta’s self-assessment, by means of the Digital Government Index of the Organisation for Economic Co-operation and Development (OECD), highlighted that, while a National Data Portal has been set up, little public sector data is available. The applicability of the self-assessment toolkit provided by the World Bank indicated Malta’s weakest performance in terms of data infrastructure, strategies, and governance, apart from a lack of use of Artificial Intelligence (AI), Big Data, and Analytics for better decision making.

1.3 Purpose

Whilst keeping the overall strategic context in perspective, this Strategy has the overarching goal of transforming data use within the Public Administration. The proper and holistic data governance and the use of standard data management practices is key towards facilitating the sharing and re-use of data across the public sector, supporting decision making across Government and also supporting the provision of value-added services to the citizens.

At the EU level, but also in the global context, there is a prevalent move towards better data management practices, with particular focus on whole-of Government approaches. This Strategy follows the principles established by the EU within the European Data Strategyvii. The European Data Strategy seeks to ensure the free flow of data within the EU and across sectors in compliance with the relevant legislationviii as well as the access and use of data which is Findable, Accessible, Interoperable and Re-usable (FAIRix), based on practical and clear rules requiring robust governance mechanisms.

This Strategy provides a clear actionable direction towards a long-term vision of data within the Public Administration, setting the basis to the modernisation and digitisation of the Government and leading towards a data-driven society. Ultimately, the Public Administration Data Strategy is a key enabler for the National Digital Strategy, given that the management of data used within the Public Administration, known as Public Sector Information (PSI), is at the core of any digital solution and transformation process. This implementation of this Strategy has numerous important benefits at a national level, not only restricted to public bodies, as shown in the below non-exhaustive list.

Citizens, Private bodies

• Increasing trust in Public Administration

• More efficient and effective public services

• Increasing transparency on the use of data

• Reducing administrative burden

• Data-driven Public Administration

Public Administration Bodies

• Cost reduction and improved public services

• Enabling data-driven decision making

• Easier data sharing and re-use

• Visibility and discoverability of data

• Fostering innovation

1.4 Scope

This Strategy concentrates on the way data is used, shared, and re-used within the Public Administration. It acts as a guide for the attainment of the principles being proposed, thereby fostering a data-driven society. Ultimately, it is intended to benefit the public and private sectors and individuals, and may serve as a point of reference for the private sector in the management of data.

The Strategy is applicable to all digital data processed within the Public Administration, particularly data covered by statutory requirements in Malta (official registers). Nevertheless, it is recognised that situations requiring specific considerations, such as those relevant to national security, may call for specific data processing actions that go beyond the scope of this Strategy.

Ultimately, this Strategy requires substantial time and co-ordinated effort for it to be implemented effectively. This Strategy therefore details out a vision, as well as concrete action points, that will enable an improved and effective data ecosystem within the Public Administration.

STRATEGIC DIRECTION

2.1 Vision Data holds high potential to enable individuals and organisations in any activity. Through improved co-ordination, re-use, and sharing of data it is possible to gain a better understanding of societal challenges, and what is needed to address them effectively, therefore fostering a citizen-centric Government. A data-driven digital transformation, including in AI, has substantial potential to enhance digital service delivery and foster innovation, whilst also facilitating the day-to-day operations of the Public Administration.

However, this cannot be achieved without a framework that ensures proper ethics, security and, ultimately, public trust in the management and governance of digital data.

Thus, the Vision proposed by this Public Administration Data Strategy is:

To establish a data empowered society through a public administration that governs and manages data in a regulated, transparent, and effective way.

The ultimate objective is therefore to foster a data-driven society through User Empowerment, where users are any legal or natural person forming part of the digital society or the digital economy who either provide their data for processing, or process the data on behalf of others.

Empowerment means that users are in control of data relating to them or to the clients to whom they are providing a service. The vision of this strategy is therefore seeking to direct efforts towards a transformation of the governance and management of data within the Public Administration, targeting the benefit of citizens, businesses, and the Public Administration alike.

This vision can be enabled through a holistic and coherent approach to data governance, where data use, re-use, and sharing is done in a transparent, secure, legal, and effective way.

2.2

General Principles

The General Principles are derived from the Generally Accepted Information Principles (GAIP)x. These principles underpin Data Governance within the context of the Public Administration Data Strategy.

• Data and content should be treated as an Asset

• Data Assets represent real and intrinsic Value

• Data is Not Static and should be treated as a dynamic asset meriting ongoing attention.

• Data has potential Risks which must be recognised formally and acted upon through Diligence

• Data Quality must be managed and measured.

• Data Audits must be performed periodically.

• Accountability for Data Assets must be identified and pursued.

• Data issues or misuse may result in Liability

2.3

High-level Objectives

Six high-level objectives shall be considered and applied throughout any use or processing of data within the Public Administration, within the wider context of the digital economy and a data-driven society. These will contribute to the achievement of the ultimate objective of User Empowerment. They are listed in a logical sequence that denotes their level of dependency upon the previous one.

1 Governance - To effectively govern data through the definition and application of standards, guidelines, tools, policies, and procedures, in a holistic manner across Government. This will enable the proper management of data, thus ensuring security, transparency, and accountability.

2 Protection - To address and comply with all data-related obligations and rights with respect to all applicable data protection legislation, privacy, or confidentiality considerations, and requirements relating to cybersecurity, data preservation, and archiving.

3 Interoperability - To ensure that all information systems and respective datasets within the different Public Administration domains and sectors use a consistent approach that facilitates data sharing and integration as required. This includes considerations for the technical, legal, semantic, and organisational aspects. It will enable an ecosystem of data sharing and re-use that is transparent, efficient, and effective, and will therefore facilitate the joint delivery of public services.

4 Availability - To make the data available in a timely manner and adopt formats that are commensurate with effective usage and which conform to classification criteria.

5 Intelligence - To use the data to help improve the processes and services rendered and to use the information and insight derived from such data to inform decision-taking and policy-making.

6 Democratisation - To facilitate data visibility and accessibility in line with legal and security parameters removing the need to resort to conventional gatekeepers.

2.4 Specific Principles

A suite of data specific principles form the basis of this Strategy. These are grouped accordingly under the high-level objectives to which they are related.

2.4.1 Governance

Central Oversight and Holistic Approach

If related products and services are to reach their full potential, a wholeof-government approach must be adopted. Hence, data needs to be seen as an enterprise asset that is managed within a broad and horizontal framework that respects regulatory, governance, and operational aspects.

Data Classification

Data mandated by law, including registers and datasets, are to be assigned a classification defined by a comprehensive classification scheme that is to be made public. The ensuing classification is to be published and made available to the public by the respective legally recognised owner.

Data Ownership and Stewardship

Data owners and data stewards are to be established for all official registers and corresponding datasets. Following the establishment of a data owner and data steward, the concept of data stewardship is to be invoked so that such assets can be managed and processed appropriately, whilst ensuring consistency of data quality and accessibility.

Line of Business Data Subsidiarity

Beyond the minimum that is enforceable legally through Governmentwide standards and rules governing data processing, the business owner may further extend and define data depending on the needs of the particular domain or line-of-business specific requirements.

Data Quality Management

The appropriate level of data quality is to be ensured through the allocation of adequate resources and the adoption of suitable processes, technology, standards, and frameworks for continuous measurement against established metrics.

Data Ethics

The usage and processing of data must be carried out in an ethical and transparent manner. Moreover, the application of processes that perform automated decisions must be subject to rigorous measures of transparency, fairness, trust, and security to guarantee user rights and compliance with applicable guidelines and legislation.

2.4.2 Protection

Data Preservation and Disposal

The safety and integrity of data is to be preserved. When data is no longer required it is to be archived or disposed of once the retention period expires. A policy for data retention, archiving, and disposal must be defined, implemented, and reviewed periodically.

Data Privacy by Design

Data privacy and data protection are to be considered and sustained throughout the data lifecycle, commencing at the design stage. Relevant policies and procedures should be in place, including for breaches, risk assessments, and auditing.

Data Security by Design

Systems and processes are to be built in such a way as to protect data from unauthorised access, loss, or corruption due to operational accidents or malicious intent.

Data Sovereignty

When dealing with the designated location of storage devices and flows of data in official registers the laws of that country applying to such data are to be taken into consideration, and necessary safeguards applied accordingly.

Role-Based Authorisation and Access

Rights to access, view, and/or to modify data are to be based on officially recognised roles or organisational functions, with a user ultimately responsible for the action taken through a fully audited system of controls and audit trails.

2.4.3 Interoperability

Foundation Data Management

Foundation data is data that essentially represents the ‘single version of truth’. Such official registers are commonly used and linked across multiple applications and processes, and even across entities. Hence, they need to have an established data quality baseline to ascertain important aspects, including, but not limited to, data accuracy, consistency, and completeness. Data is to be subdivided into master data (core data records) and reference data (which helps explain such records). Foundation data should be read and used directly from source.

Data Sharing and Re-use

The use of Application Programming Interfaces (APIs) across Government shall provide a consistent and holistic way towards data sharing, enabling a better delivery of public services.

Protocols for the Unique Identification of Data

All official records and their respective versions shall be managed using Uniform Resource Identifiers (URIs). These identify each instance of such records uniquely, reflecting current and previous states as well as their duration of validity. In effect, they facilitate interoperability between the various data registers for data use and re-use. A holistic approach towards URI structure should be defined and applied across Government.

Common Vocabularies and Reference Data

The required commonly used vocabularies, and the reference data as applicable to the respective official registers, will be managed centrally, and used both at the foundation data level and line of business level. Where applicable, such vocabularies shall re-use, extend, or be aligned to EU or international vocabularies and standards.

Data Standards and Formats

Standards and formats relating to data and its management, potentially including those which are recognised internationally, are to be published formally and used either as mandatory requirements to ensure interoperability or as guidelines for when the data is not of a universal and common usage nature.

2.4.4 Availability Data Discovery

Data managed by the Public Administration is to be discoverable and findable across Government for intelligence and insight purposes using metadata published on appropriate platforms. The relevant metadata should include, but not be limited to, information about data ownership, data classification, available formats, and any licences and constraints applicable, thus enabling the user to be able to decide whether such data is actionable or not.

Data Transparency and Traceability

The management and the processing of data is to be conducted in a transparent and open manner whereby the flows and movements of data between repositories are documented, discoverable and easily understood. This includes the use of audit logs of operations carried out on the data.

Digital by Default

Data records should be born digitally and easily be accessible online.

Real-time Data Access

Data should be accessible automatically on demand and machinereadable. This would enable data users to have direct access to real-time data, which is particularly important in the case of official registers.

Open by Default

By default, Public Administration data is to be readily and digitally accessible to the public unless there is sufficient justification to consider that data to be sensitive in naturexi or where disclosure may pose a risk. This principle is encouraged also for non-Public Administration data where it can be of value to society and to the economy. Making such data open will foster innovation and further facilitate the goal of a datadriven society.

2.4.5 Intelligence

Data-Driven Decision Making

Data shall be used for business intelligence and advanced analytics for tasks such as policy formulation, operational choices, and other forms of decision making. This needs to be based on quality data that is relevant, complete, and up-to-date. Special consideration should be made towards avoiding any bias in the data used.

Data Sharing and Reuse

The sharing and reuse of data, beyond its original purpose, can maximise and enhance the value of data. Therefore, data should be shared and re-used as much as possible, whilst complying with applicable laws and data minimisationxii parameters.

Data Tools and Technologies

Appropriate and adequate tools and technology platforms will facilitate the management and use of data to ensure that benefits are maximised.

2.4.6 Democratisation

Data Awareness and Use

The value of data, its management as an asset, and its advocacy are to be given due importance, and capacity building shall be provided as required.

Co-creation

Various stakeholders, possibly including organisations and members of the public, should be involved as required to assist in the establishment or revision of data-related services.

User-Centric Data Services

Data services are to focus on users and their needs. The personalisation of such services will encourage uptake and facilitate service delivery.

User Control and Data Visibility

Users are to be able to view and understand data pertinent to their transactions and personal profiles (as existing within the Public Administration) and control its access or usage.

2.5

The Public Administration Data Infrastructure and its Model

The Public Administration Data Infrastructure is centred on the notion of User Empowerment and aims to attain the vision and objectives of this Strategy. As represented through the model in Figure 3, it is made up of three Building Blocks, where each lower building block serves as a base layer for the next. The Building Blocks are in turn are supported by three Enabling Blocks.

The Building Blocks focus on Data Assets, Data Governance, and Data Use & Re-use. Each Building Block leads to actions based upon the related areas of focus.

The Enabling Blocks focus on Data Culture, the pertaining Legal Framework and supporting ICT.

The next two Chapters focus on the Building Blocks and on the Enabling blocks respectively, outlining key strategic actions that are required to achieve the Public Administration Data Strategy vision.

THE BUILDING BLOCKS

3.1 Data Assets

The Data Assets Building Block concerns all data that is generated and processed within the Public Administration. Building on the principles and objectives discussed previously, this building block provides direction towards the functional governance of such data, aiming towards a strong basis to a data-driven society.

The Data Assets Building Block (as depicted in Figure 4) has two elements:

• Foundation Data, which is made up of all registers which embody golden records representing the “single version of truth” within the realm of data.

• Line of Business Specific Data, which includes registers supporting line of business sector specific processes and are treated as domain specific resources subject to a particular sector’s requirements and governance parameters.

Data Assets

3.1.1 Foundation Data

Foundation Data (Figure 5) has three specific groupings: Base Registers, Administrative Registers and Data Governance Registers. These registers contain different categories of data, including master data and reference data.

Base Registers

Foundation Data

Administrative Registers

Data Governance Registers

As indicated within the Five-Year Strategy for the Public Service , the formation of the three key base registers is fundamental for facilitating interoperability and attaining the Once Only Principle (OOP) , within the Public Administration. These base registers help foster innovation and the move towards a true data-driven society. The registers need to be established early as a prerequisite for the building up of the Public Administration Data Infrastructure.

The Base Registers focus primarily on three basic elements:

• Basic identification data of all natural persons accessing a process or services provided by the Government of Malta.

• Data relating to all types of legally recognised and statutory organisations, including those of the Public Administration and businesses, non-government, and voluntary organisations.

• Data relating to Maltese locations, encompassing addresses and related location (geospatial) data, such as buildings, streets, localities, post codes, and officially recognised geographical regions.

The Administrative Registers represent aspects of the Public Administration:

• Its various organisations.

• The assigned responsibilities having links to correspondingly related registers.

• A list of internal and customer-facing processes related to service delivery.

The Data Governance Registers cover data of relevance to the governance of data assets, essential of which is the Register of Registers. This is needed for the cataloguing of all official registers having a legal basis and thus serves as the focal point for all metadata collection and maintenance. Another vital register is one that catalogues common vocabularies, facilitating a consistent approach to the description of data. Other registers may be considered to facilitate further search and discovery of data, data sharing and re-use, and workflow performance.

3.1.2 Line of Business Specific Data

The concept of data subsidiarity applies to line-of-business specific data in that it can extend Foundation Data. This should be subject to a number of parameters in order to maintain consistency and interoperability between both data dimensions. Hence, line of business specific data must conform to an imposed minimum set of standards or best practices as specified at a Public Administration level. However, depending on the specific domain or sector involved, this does not preclude the extension of such standards or best practices at the line-of-business level.

Additionally, for interoperability purposes, links are expected to be established between the Foundation Data and the Line-of-Business specific registers. This shall be enabled through the use of persistent URIs, which will allow data across different technology platforms and record structures to be interoperable. Other interoperability requirements, further outlined within this Strategy, need to be considered.

Actions required in relation to the Data Assets Building Block

1 Implement and operate an information system that enables the Person Register to serve as the single source of Person data, in line with Subsidiary Legislation (SL) 546.03.

2 Establish the legal basis for the Location (Geo-spatial) Registers, including the Address Register

3 Implement and operate an information system that enables the Location (Geo-spatial) Registers, including Address Register, to serve as the single source of Address and Location data, in line with its corresponding legal basis.

4 Establish the legal basis for the Organisations Registers, including Business Register.

5 Implement and operate information systems that enable the Organisations Registers, including Business Register, to serve as the single source of Organisations data in line with its corresponding legal basis.

6 Establish a number of Administrative Registers for the Public Administration which may include the organisations, functions, sectors, processes, and services of the Public Administration.

7 Establish the Register of Registers, as part of the Governance Registers, cataloguing all official registers that have a legal basis and consider establishing any other registers of relevance to the function of the governance of data.

8 Establish and operate Reference Data as part of the Governance Registers.

9 Establish links between all Public Administration line of business systems with data available in the base registers.

3.2 Data Governance

Data Governance is a discipline that involves all levels of management within the Public Administration. Through a holistic approach in data governance, this Strategy will enable a coherent advancement in the use of data across Government; empowering the users, facilitating innovation, and enabling value-added services.

3.2.1 Data Governance Framework

The Data Governance Framework introduces and provides discoverability to policies, definitions, processes, standards, and guidelines for the management and proper use of data. Data governance registers, as part of the Foundation Data, will facilitate the management of components of this Framework. Such Framework, with its various distinct and important constituents, needs to be assimilated within day-to-day business processes and become an integral part of the data management process within the Public Administration. Whilst an overarching Framework can be established at a Public Administration level, extensions of this Framework at a finer granularity can be adopted as needed to reflect and cater for the specific requirements at an entity level. The Framework needs to address various considerations as follows:

Architecture and Standards Considerations

The definition of high-level Data Architecture as a blueprint is important for managing data effectively. Aligning to relevant data models, policies, and standards, it will govern the collection, cleaning, storage, arrangement, integration, use, curation, and preservation of dataxv. Thus, it shall serve as the foundation upon which the Public Administration shall build data capabilities to serve its business needs to and define a framework for the ICT infrastructure to support this Strategy. The definition of various data architectures at different levels of granularity might be required.

Apart from Data Architecture, the classification of data is fundamental for the correct management of data assets or registers. A published Data Classification Scheme serves as a guide to the relevant data owner and it needs to be maintained by them throughout the lifespan of the data. The various classifications are to be presented in a way that a choice is always possible and, when applicable, a default value is indicated. The various classifications might also require the definition of further relevant policies, models, and/or standards, such as for open data, sensitive data etc.

When records from the official registers and official reference data are to be withdrawn from an active dataset, either due to retention period expiry or expiry of validity, a standard archiving method is to be employed. This will allow for any future information requests in respect of such data to be answered. Moreover, whenever an official record is changed, or its core contents or links to other records are updated, it shall be retained as an archived version, along with the date of its replacement. The resulting new record, with changes applied, shall subsequently have its date of creation as equivalent to the end date of the archived one.

Legal and Ethical Considerations

Legal and ethical compliance relate to the proper use of data and avoidance of any potential harmful impacts. This means maximising the beneficial use of data by individuals and organisations whilst being mindful of how certain data might harm society, the economy, and infrastructure. In conjunction with the established legal basis, ethical guidelines are needed to ensure the proper and transparent use of data both at national and EU level. The proposed EU Artificial Intelligence Actxvi shall be followed as it includes guidelines and parameters that ultimately seek to address potential risks and hazards to the safety and fundamental rights of individuals across the EU. Similar ethical guidelines are provided on a national level within Malta’s Ethical AI Frameworkxvii

The same attention needs to be given to the Regulation on European Data Governance (Data Governance Act)xviii, which defines standards for enhancing and facilitating data use and reuse through engendering trust and mitigating obstacles. Any guidelines should help engender confidence and trust in data use.

Interoperability Considerations

The establishment, use, and extension of standards and specifications will facilitate interoperability between data assets and the relevant systems that use this data. They will establish minimum levels of performance and quality, therefore extending operational use. Such standards and specifications should be published and made discoverable, as part of the Data Governance Framework.

Within this context, due consideration needs to be given to URIs, APIs, and Metadata. URIs serve as an easy and flexible means of identifying data resources. Relevant URI Standards should be applied to all official records and their respective versions.

APIs are needed to facilitate data exchange between official registers and across the various platforms for discovery and visualisation purposes and to facilitate data re-use. This calls for effective management of the APIs involved as well as the publication, application and maintenance of API Standards. Such standards shall serve as the main reference for data provisioning and consumption services and are to include specifications for authorisation. Internationally recognised standards should be re-used and/or extended as and where applicable.

Metadata is critical to ensure that volumes of content can be described clearly and attributed in terms of its ownership, classification and other information of value to the management and use of the data.

Quality Considerations

The quality of data in the official registers and official reference data should be monitored continuously. Relevant data quality characteristics and dimensions are to be deployed based on internationally recognised standards (such as ISO/IEC 25012), which include completeness, accuracy, consistency, validity, timeliness, availability, and integrity. This will help to ensure that the quality of data is fit for purpose and maintained at the declared quality level. The appropriate data quality indicators shall be defined to measure each quality characteristic/ dimension considered.

3.2.2 Data Management

A Data Management Plan is essential throughout the data lifecycle. This is vital, especially for the Foundation Data. The high dynamism of data usage calls for such plan to evolve and adapt to reflect changing data needs. Such a plan should include:

• Information on how data is to be managed;

• The specific data to which the plan is applicable;

• How the data is to be collected, processed and/or generated;

• Any methodologies and standards to be used;

• Details on how data is to be accessed and shared; and

• Information on data curation and preservation.

In addition to a Data Management Plan, a prerequisite is to have well defined roles, controls, and access capabilities within and across organisations managing the data. The notion of user empowerment is highly dependent upon the necessary factors available to an individual or organisation with respect to the data that legally pertains to them, and their priorities for using the data. Hence, it is critical to identify the relevant roles for official registers at an early stage, particularly the data owner and/or custodial roles. Such activity is vital, not only for data classification and its implementation, but also to enable role-based data access.

One of the data owner and data custodian’s key responsibilities is ensuring data security and privacy. The data owner needs to record and maintain information on data flows between systems and processes, whilst not compromising content confidentiality, integrity, or availability. In the case of personal data, data views, or predetermined views of specific groups of data elements, are to meet the GDPR principle of data minimisation. Through such principle, only data elements that can be justified only for a specific action or process shall be available for viewing.

Alongside these measures, a feasibility analysis of a Data Authorisations and Permissions Platform is required. This should be an independent, user-friendly and efficient platform to manage authorisations and prohibitions in data access management and, eventually, in any other data operation.

It would need to manage all mandates and data permissions and consents given, including details of any interdictions and incapacitations at the time of data consumption. Such information needs to be clearly visible and understandable among the relevant users making related queries and operate within legal and organisational parameters. A smart tailored data dashboard, forming part of the Platform, would facilitate the aggregation and visualisation of such data.

Actions required in relation to the Data Governance Building Block

10 Design and publish a Data Architecture blueprint, including considerations for Foundation Data.

11 Establish and publish a Data Classification Scheme.

12 Define and publish the implementation of the Record Archiving methods.

13 Define and publish the implementation of the Versioning Standards.

14 Establish and publish Data Ethics guidelines.

15 Establish and publish selection and management guidelines for data interoperability Standards and Specifications.

16 Adopt, adapt, or establish Standards and Specifications as required for the Data Governance Framework.

17 Establish and deploy data quality indicators and monitor the health of the Foundation Data.

18 Define and publish a reference Data Management Plan.

19 Define and publish a data management plan for Base Registers.

20 Identify roles as relevant to data asset management and designate according to the respective official registers, aiming for role-based data access.

21 Carry out a study on the implementation of a Data Authorisation and Permissions Platform, including a user dashboard.

3.3

Data Use and Re-Use

The value of data can be maximised through multiple uses. The legitimate use of data by all stakeholders within the ecosystem shall foster innovation, especially if the re-use is encouraged beyond the Public Administration. This shall be enabled through platforms and other means which facilitate appropriate discovery, consumption, sharing, and exchange of data in a controlled manner. This will facilitate the removal of dependencies on duplicate datasets and the adherence to the OOP, where capturing of data is done only on information that does not yet exist within the Public Administration.

3.3.1 Data Discovery and Consumption

The main entry point to data discovery and consumption for all official registers is the National Data Portal. The National Data Portal is designed as the one-stop-shop for data discovery and metadata management matters. Metadata for all registers is to be made available through the Register of Registers and other Data Governance registers.

Whilst official registers can be discovered and consumed by the Public Administration, it might be the case that an official register is published as Open Data, depending on the classification of the data in question. Such an open register would be available for discovery and consumption by the public in general. The National Data Portal serves as a link with the European Data Portal for the harvesting of local open datasets for Europe-wide publication. Any data which is generated through taxpayer’s contributions, and which is classified as Open Data, should be made available for re-use by any person or organisation without barriers, using the 5-Star deployment scheme for Open Dataxix. Where possible, the Portal will serve to display the contents of official registers which are classified as Open Data. However, when such data is not readily available, there is the need for a facility within the Portal to submit formal requests online. Such requests for Open Data must follow a legally determined process, incorporating various stages of redress in cases of refusal.

To better facilitate the re-use of data, appropriate licensing for Open Data should be applied. Moreover, sharing and re-use also requires a shift away from static datasets, which risk being outdated, to ones using real-time dynamic data. This will be enabled through the use of APIs, for machine readability and machine-to-machine interactions within a real-time environment.

All such proposed developments within the National Data Portal need to align with the EU Open Data and Re-Use of Public Sector Information Directive of 2019 which seeks to establish a set of consistent high-value datasets under six themesxx and which will be regulated as mandatory data publications from all Member States (MS), as part of the Pan-European interoperability objectives.

Official registers containing sensitive or personal information may not be published as Open Data. This data is only available for predefined specific roles with appropriate authentication and authorisation required to gain access. The Portal allows the sharing and re-use of such Public Administration data across authorised entities, as required by their functions.

Irrespective of whether data available through the National Data Portal is open or not, all relevant stakeholders are to be allowed to send data feedback and comments to help improve its quality and value.

Ultimately, the National Data Portal is not the sole data discovery and consumption platform that can be used on a national scale. Whilst it is the main Portal for all official registers, other similar platforms are encouraged for other datasets, especially Open Data.

3.3.2 Data Exchange and Sharing

Data has the potential to provide innovative insights and opportunities to the economy as a whole. Data of value doesn’t always come in structured format. It can be varied and even variable in terms of its meaning at a specific level. Emerging technologies, such as IoT, are creating an exponential growth in data. The speed in which it is collected, processed, and made accessible is ever increasing, which also contributed to the rise in Big Data. Despite such parameters, the data is expected to be accurate and be presented in a meaningful way, as it is expected to ultimately provide value. Nonetheless, encouraging the sharing of such data shall need to be undertaken in a proper legal and ethical way to ensure that trust in data availability and consumption is not undermined.

Within the Public Administration, the re-use of data reduces the burden on data holders or data subjects. This is the basis for the OOP, by which data may be shared across public entities without the need for beneficiaries of public services to provide the same information for each and every service they require. Towards this end, the Public Administration shall introduce a data exchange platform, which is intended to ‘break data silos and provide an architecture which can be exploited for data sharing and re-use purposes, to provide high quality services’xxi This strategic initiative will facilitate interoperability and data reuse under the OOP, especially in context of Foundation Data. This platform should also cater for any exchange of PSI data with the private sector, as allowed by the relevant legislation.

The Data Governance Act will introduce frameworks and rules to increase trust in the concept of data intermediaries and strengthen data sharing mechanisms applicable equally and in a uniform manner across the EU. Intermediaries will be independent brokers operating data exchange platforms enabling the controlled and managed exchange of digital data assets between parties with contractual obligations and agreed responsibilities. Their role will be to engender trust and provide assurance that data is being handled in a correct and ethical manner and in accordance with the data owner’s mandate. The trusted intermediaries, under the direction of the respective data owners, shall need to be licensed to establish and use the required technology and support platforms for the storage and movement of data. Proactive measures should be taken by the Public Administration to facilitate the establishment of such intermediaries allowing a seamless adoption of the Data Governance Act.

Actions required in relation to Data Use and Re-Use Building Blocks

22 Maintain the National Data Portal and populate with official registers, focusing on its sustainability and the discoverability, accessibility, and usability of data.

23 Publish official registers as open data where applicable.

24 Establish a data exchange platform to enable interoperability and exchange of data between Public Administration entities.

25 Study the establishment of local data intermediaries as detailed by the Data Governance Act.

26 Encourage the exchange of data and release of open data by the private sector to stimulate the data economy and research.

THE ENABLING BLOCKS

4.1 Legal Framework

The legal framework includes legal tools for data sharing and re-use that cover all general legal obligations related to data resulting from local legislation, EU Regulations, and other legal instruments transposed into law.

In February 2020, the European Commission presented the European Strategy for Data, with the aim of making the EU a leader in data-driven society. This will be achieved through the establishment of a single market allowing the free flow of data within the Union and across sectors for the benefits of businesses, researchers, and public administrations. Individuals and organisations are to be empowered to make better decisions through insights from non-personal data made available to allxxii One of its pillars is the Regulation on European Data Governance (Data Governance Act). Standards will be set with a view to engender trust in data sharing, strengthen mechanisms to increase data availability and overcome technical obstacles in data re-use. The Regulation identifies specific areas for its application, whether in the public or private sectorxxiii, namely: health, environment, energy, agriculture, mobility, finance, manufacturing, public administration, and skills.

In Malta Cap 546: Re-use of Public Sector Information Act is part of Malta’s existing legal framework pertaining to data and it includes Subsidiary Legislation (SL) 546.01 on the Organisational Structures for Data Sharing and Re-Use. Cap 546 has been amended specifically to transpose the provisions of the Open Data and Re-use of Public Sector Information (Open Data Directive)xxiv into local law, therefore updating the legislative framework in line with digital technology advances and further stimulating digital innovationxxv. The intention is for more value to be generated for the European economy and society. The main provisions of Cap 546 and its SL cater for the main objectives of the National Data Strategy whilst other register-specific legal requirements are to be addressed as an integral part of the respective actions highlighted by this Strategy.

Through SL 546.01, the Data Governance Council, set up in 2014, is recognised both formally and legally. This Council serves as the focal point for coordination and mediation in relation to legally mandated registers within the Public Administration. It is also the main consultative and advisory body in respect of matters relating to the governance of such registers and the formulation of policy and direction within the data domainxxvi

Cap 546 also includes SL 546.02 which provides for and regulates maintenance for a Business Registerxxvii and SL 546.03, which provides for a Persons Register. The process establishing access to Open Data within Cap 546 complements other existing legal instruments such as legislation on the protection of personal data.

The existing legal framework does not stand-alone. Indeed, the National Data Portal was created to facilitate further the objective laid down by Cap 546 and its SL. The Portal aims to address the management and discovery of Public Administration data assets and is intended to incorporate the data governance aspect through the maintenance of meta-data and particular administrative registers.

The legal aspect within the wider context of this Strategy, is considered as given. Nevertheless, there is a need to follow and participate actively as laws evolve, particularly at EU level, in order to ensure that Malta’s legal framework is updated. Moreover, new legislation should be digital-ready in order to enable and facilitate the best use of digital technologies and data. Older legislation should also be amended towards this goal.

Actions required for the Legal Framework Enabling Block

27 Define guidelines towards digital-ready legislation drafting.

4.2 Information and Communication Technology

ICT solutions, including infrastructure, platforms, and software, enable the function of the Public Administration Data Infrastructure’s building blocks. Such solutions are to be implemented as an integral part of the respective actions emanating from the Public Administration Data Strategy. In this respect, there needs to be continuous investment in such ICT solutions, including in terms of research and resources, so that they can sustain the Public Administration Data Infrastructure. Hence, it is vital that a sustainable approach is undertaken in any efforts, and that the re-use of existing solutions is encouraged when possible, including those provided at an EU level. Furthermore, a holistic, all-of-government approach should be undertaken where relevant, in the setup of horizontal ICT solutions. Indeed, it is vital that Public Administration entities adopt and use such solutions.

Generic ICT infrastructure and components, such as those pertaining to connectivity, are beyond the scope of this Strategy.

28 Define a Public Administration Data Infrastructure blueprint.

29 Facilitate Public Administration adoption and integration with horizontal Data Infrastructure solutions, such as the data exchange platform.

4.3 Data Culture

In order to advance the use of data and data-driven innovation, a thriving data-driven culture across the economy and society needs to be nurtured. This will be achieved through fostering the appropriate skills, ongoing data education and awareness, and the use of appropriate and user-centric data management tools.

4.3.1 Data Awareness

Awareness about the value and challenges of using data is to be enabled through an information campaign. The campaign would aim to communicate the benefits that can be derived and the issues that need to be mitigated in the good governance and management of data. In doing so, it would need to focus on the domains and sectors which will stand to benefit most, and on professional data management which needs to be sustained and supported over the long term.

4.3.2 Data Skills and Use of Data Management Tools

Data awareness needs to be complemented by the development of appropriate data management skills. There is a need to undertake a structured approach in education, starting from a sensitisation of data skills at basic academic levels up to data specialist courses, qualifications, and their application in the real-world. Ongoing certifications would be useful.

Increasingly, AI and other data analysis tools transform data into knowledge for those with the capabilities to make use of them. There is a pressing need for up-skilling and re-skilling of workers who are not specialists in the field but who would make use of data for decisionmaking and automation in the course of their duties.

The creation of networks that bring together data and digital experts, policymakers, academics, and researchers from various fields shall serve as a means to further boost the required skills for using and managing data. Such networks provide platforms to exchange information as well as share good practice, failures, and successes.

Most important is that skills will need to be complemented by access and availability of software systems and tools required for the effective management of data. The deployment and use of such tools across the Public Administration is to be in line with the value of the data being analysed or processed, as part of operational and business requirements.

Actions required for the Data Culture Enabling Block

30 Carry out data awareness programmes on the importance of data assets and their governance and management amongst various stakeholders.

31 Raise awareness about the benefits of data re-use and data sharing.

32 Foster the education, skilling, and up-skilling of personnel undertaking data roles.

33 Foster the use of data management tools.

34 Encourage the creation of communities of practice, relevant to the Public Administration Data Strategy.

WAY FORWARD

The Public Administration Data Strategy has outlined principles and actions that need to be undertaken over the coming years to foster the notion of user empowerment. The actions are aimed at addressing current technical and human challenges in effective data governance, as well as tackling the prevailing cultural challenge of data being perceived as an internal commodity to be protected and hidden at all costs.

Following the launch of the Strategy, several actions may merit further detailed consideration and discussion before their eventual implementation. Others may require further maturity to be realised beyond the time horizon of this Strategy.

The first step to bring this Strategy to fruition is the establishment of a roadmap, involving all relevant stakeholders. The roadmap will need to be overseen in a central, coordinated manner and reviewed from time to time to reflect evolving realities. Widely recognised or nationally set performance indicators may be applied.

Ownership of this Strategy is vested within the Data Governance Council. Nevertheless, the necessary comprehensive organisational framework needs to be established. This covers three levels: regulation, oversight, and implementation, with respect to the Public Administration Data Strategy.

• Regulatory authority, that shall monitor and supervise the application of and compliance with legal requirements pertaining to all forms of digital data, as used within the Public Administration. The regulatory authority should also undertake an advisory role as necessary.

• Data oversight body, to act as the main data authority with respect to the governance of official registers and Public Administration data, the formulation of data related policy, and strategic direction on a Public Administration level. Such a dedicated body will undertake data coordination, mediation, and advisory role as necessary. Working with the implementing entities, it should ensure that the direction set out in the Public Administration Data Strategy is applied and implemented. Its creation does not preclude the possibility of having equivalent bodies on a sectoral scale. The data oversight body should have the necessary resources and capabilities to properly govern Public Administration data as an asset, and should thus also include a Chief Data Officer role. The latter should direct the data oversight body in its efforts to strategise data governance in a sustainable manner, leading to the modernisation and digitisation of data use across Government, and establishing the basis to a datadriven society.

• Implementing entities that cover all forms of digital data as required by the Public Administration, while aligning efforts with the regulatory authority and under the direction of the data governance oversight body. These entities are essential to apply, implement, and operate the requirements of this Strategy; being tasked with their day-to-day administration and coordination. Adequate and appropriate resources in terms of quantity and quality of human resources and investment are required.

As indicated throughout this Strategy, data governance requires continuous investment in skills, processes, and tools. All stakeholders must appreciate the importance and value of data as the basis for digitisation to achieve its full potential.

Through strong cooperation and collaboration, Malta would be in a better position to maximise the major benefits of a data-driven society, and thus be increasingly economically empowered.

Actions required for the Way Forward

35 Designate a regulatory authority to monitor and supervise the application of and compliance with legal requirements, as relevant to data.

36 Designate a data oversight body to act as an officially established Government function with respect to governance of official registers and formulation of policy and strategic direction.

37 Consult Official Appointed Bodies (OAB) to implement and operate the requirements set within this Strategy and as mandated by laws, directives, and regulations.

38 Adopt, as appropriate to the particular line of business, the direction and requisites established as a result of this Strategy.

39 Govern the adoption of the direction and requisites established as a result of this Strategy and as implemented by respective business owners.

Application Programming Interface (API) A service interface that enables machine-to-machine communication.

Big Data Data that due to its specific characteristics, including velocity, volume, value, variety, and veracity (known as the 5 V’s of Big Data), cannot be processed using traditional means and methods.

Data Governance

Refers to high-level planning and control over data management. This can include a set of rules and means to use data, for example through strategies, policies, guidelines, sharing mechanisms, agreements, data management practices, and standards.

Data Management The planning, execution, and oversight of the high-level planning and control as carried out in data governance.

Data Owner Officially recognised role within an organisation having the legal obligation and the authority to exercise full control over the data and its use, including its schema, the data classification, and the allocation and updates of access rights to the contents of an official register, dataset, or record set.

Data Life Cycle

The entire period of time during which data is existing within a system, from its collection or generation, towards its removal from the system. This covers all stages and processes, including its collection, ingestion, cleaning, processing, storage, analysis, and usage.

Data Steward

Officially recognised role having the business knowledge and that is ultimately accountable to ensure that datasets are fit for purpose; that is, ensuring that such datasets support business and regulation requirements and to ensure its quality, accuracy, integrity, and timeliness.

Data Sovereignty

The concept that the data an organisation collects, stores, and processes is subject to the laws applicable in the country where it is located.

DESI

A tool that monitors Europe’s overall digital performance and tracks the progress of EU countries in digital competitiveness.

Geospatial

Golden record

Data that is linked to a specific geographic location.

The single, well-defined version of a record or the “single version of the truth”.

Master Data Data that is the most authoritative and accurate data available about entities (e.g., persons, locations), as required by an enterprise. Master data records are considered as golden records, providing the “single version of the truth”.

Metadata

Metadata provides information about one or more aspects of the data itself, such as provenance information, format of the data, licensing information etc. It facilitates the use and re-use of data.

Official record

Any uniquely identified permanent recording of an event, agreement, or state of affairs having the legally recognised quality of establishing that fact or which is admissible as evidence in a Court of law. It is an accredited source of information, usually from an official register, which can be used to support business transactions and public administration processes.

Official Register

Named collection of records mandated by a specific legal instrument from the legislation applicable to the jurisdiction where such a Register is used.

Once Only Principle

The notion of allowing authorities and administrations to reuse and share data and documents that individuals or organisations have already supplied, in a transparent and secure way. It is part of the European Union’s plans to further develop the Digital Single Market by reducing the administrative burden on citizens and businesses.

Open Data

Data that can be freely used, re-used, and redistributed by anyone for any purpose, including commercially. Such data can be subject to the requirement to attribute and share-a-like.

Persistent URI A URI permanently assigned to a particular resource.

Public Administration Government of Malta, including its ministries and departments, specialised units and agencies, government entities, commissions and boards, referred to in the Public Administration Act.

Source: https://legislation.mt/eli/ act/2019/3/eng/pdf

Record set Subset of records derived from a Dataset

Reference data Data listing permissible values and descriptions which are used to classify another dataset, usually of the Master data type, by means of links at the relevant attribute level.

Register Set of files containing identifiers assigned to items, with descriptions of the associated items.

Register of Registers The main catalogue of all the official registers as dictated by the Laws of Malta.

URI A sequence of characters that uniquely identifies an abstract or physical resource.

ENDNOTES

i https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fitdigital-age/european-data-strategy_en

ii https://mimcol.com.mt/wp-content/uploads/2021/06/A-Future-ProofMalta-Consultation-Document.pdff

iii https://publicservice.gov.mt/en/Documents/Achieving-A-Service-ofExcellence-2021.pdf

iv https://digital-strategy.ec.europa.eu/en/library/digital-economy-andsociety-index-desi-2022

v In the areas of human capital, broadband connectivity, the integration of digital technologies by businesses and digital public services

vi https://publicservice.gov.mt/en/Documents/Achieving-A-Service-ofExcellence-2021.pdf

vii Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, A European strategy for data (Brussels 19.2.2020) https://eur-lex.europa.eu/legal-content/EN/ TXT/?qid=1593073685620&uri=CELEX:52020DC0066 []

viii With specific reference to data protection, consumer protection and competition

ix https://www.go-fair.org/fair-principles/

x Ladley, J. (2012). Data Governance: How to Design, Deploy and Sustain and Effective Data Governance Program. Waltham: Elsevier.

xi Of greater public interest or of a solely personal interest

xii In terms of allowing data access only when required and that the minimum amount of data is shared,-processed and retained within the minimum time necessary

xiii Achieving a Service of Excellence: A 5-YEAR STRATEGY FOR THE PUBLIC SERVICE - QUALITY, ACCOUNTABILITY & SUSTAINABILITY, Initiative 13: Once Only Principle (OOP), pg. 51 https://publicservice. gov.mt/en/Documents/Achieving-A-Service-of-Excellence-2021.pdf

xiv https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/ Once+Only+Principle

xv https://www.cio.com/article/3588155/what-is-data-architecture-aframework-for-managing-data.html

xvi https://eur-lex.europa.eu/legal-content/EN/ TXT/?uri=CELEX%3A52021PC0206

xvii https://malta.ai/wp-content/uploads/2019/10/Malta_Towards_Ethical_ and_Trustworthy_AI_vFINAL.pdf

xviii https://eur-lex.europa.eu/legal-content/EN/ TXT/?uri=CELEX%3A32022R0868&qid=1666614691757

xix https://5stardata.info/en/

xx The thematic categories of the high-value datasets, as referred to in Article 13(1) of the Directive on Open Data and the re-use of public sector information (also referred to as the Open Data Directive), are:

xxi Achieving a Service of Excellence: A 5-YEAR STRATEGY FOR THE PUBLIC SERVICE - QUALITY, ACCOUNTABILITY & SUSTAINABILITY, Initiative 13: Once Only Principle, pg 51 and Initiative 24: Data Consent and Exchange Management, pg. 56; https://publicservice.gov.mt/en/ Documents/Achieving-A-Service-of-Excellence-2021.pdf

xxii https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fitdigital-age/european-data-strategy_en

xxiii ‘European data governance’ https://digital-strategy.ec.europa.eu/en/ policies/data-governance

xxiv Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on Open data and the re-use of public sector information. Also referred to as the Open Data Directive or the ‘Recast Directive’, this new Directive supersedes the rules introduced by the PSI Directive - https://digital-strategy.ec.europa.eu/en/policies/ psi-open-data

xxv https://digital-strategy.ec.europa.eu/en/policies/legislation-open-data

xxvi SL 546.01 also refers to the Office of the Data Protection Commissioner (IDPC) as the regulatory authority of the Public Sector Information Directive Implementation and the Malta Information Technology Agency (MITA) as its implementing entity.

xxvii A national list of business organisations